Gentoo Linux Security Advisory 201401-14 - Multiple vulnerabilities have been found in cURL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 7.34.0-r1 are affected.
3ce972737b30b0c5dc026e59570caab5
Ubuntu Security Notice 1894-1 - Timo Sirainen discovered that libcurl incorrectly handled memory when parsing URL encoded strings. An attacker could possibly use this issue to cause libcurl to crash, leading to a denial of service, or execute arbitrary code.
64cb425c8db8d0271efc95c1417a28ab
Mandriva Linux Security Advisory 2013-180 - libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curl_easy_unescape() decodes URL encoded strings to raw binary data. URL encoded octets are represented with \%HH combinations where HH is a two-digit hexadecimal number. The decoded string is written to an allocated memory area that the function returns to the caller. The updated packages have been patched to correct this issue.
ce001f7e3f8ac0ca3d741d058b0161c2
Red Hat Security Advisory 2013-0983-01 - cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A heap-based buffer overflow flaw was found in the way libcurl unescaped URLs. A remote attacker could provide a specially-crafted URL that, when processed by an application using libcurl that handles untrusted URLs, would possibly cause it to crash or, potentially, execute arbitrary code.
d19c014f0dea84b64804cd3dc62b3167
Debian Linux Security Advisory 2713-1 - Timo Sirainen discovered that cURL, an URL transfer library, is prone to a heap overflow vulnerability due to bad checking of the input data in the curl_easy_unescape function.
dc1cd459b62ba5a013c0d494842e444b
Slackware Security Advisory - New curl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-2174.
49fcda0965ed7330fe5937c109da44e1